Hi Sara, On 7/1/20 5:00 AM, Sara Dickinson wrote: > > >> On 28 Jun 2020, at 19:44, Alissa Cooper via Datatracker <[email protected]> >> wrote: >> >> Alissa Cooper has entered the following ballot position for >> draft-ietf-dprive-bcp-op-10: Discuss >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> Trimmed to the one outstanding point from my original DISCUSS: >> >> I do not think item #5 in Section 6.1.2 belongs in this document. I don't see >> how it is within scope for the IETF to be specifying these sorts of best >> practices, which are not technical or operational in nature but focus on >> legal >> matters and likely require the involvement of lots of lawyers in order to get >> the provisions written. This section implies that the DROP documents would >> become legal/compliance documents by nature, which may or may not be a good >> choice but is not within the remit of the IETF to specify. Also, I think what >> this section asks for is not the norm today and therefore it seems odd for >> the >> IETF to specify a best practice that operators may not have any chance of >> being >> able to comply with (e.g., listing specific law enforcement agencies, privacy >> laws, or countries where data centers will reside and the data will never >> move >> from them). > > After discussion amongst the authors, we are very keen to at least retain a > placeholder within the DROP statement so that readers can easily access any > complimentary documents that do deal with such matters. We would like to > propose replacing item 5 with the following text: > > “5. Data Processing. This section can optionally communicate links to and the > high level contents of any separate statements the operator has published > which cover applicable data processing legislation or agreements with regard > to the location(s) of service provision. " >
So, the intent is to specify a place for providers to make optional statements relevant to their operations, correct? If so, that seems reasonable to me. Alissa? I would suggest making sure the example in the Appendix aligns with this change. Regards, Brian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
